Air traffic control data found on eBayed network gear

Discussion in 'News' started by GiddyG, Oct 1, 2011.

  1. GiddyG

    GiddyG Terabyte Poster Gold Member

    2,471
    42
    140

    Air Traffic control data found on eBayed network gear



    A switch with networking configurations and passwords for the UK traffic control centre was offered for sale on eBay, raising serious security concerns.

    The £20 Cisco Catalyst switch was bought by security consultant Michael Kemp, co-founder at Xiphos Research Labs, who quickly discovered that it has been used at the National Air Traffic Services (NATS) centre in Prestwick by contractor Serco. Data on the switch included supervisor credentials, internal VLAN and other networking configurations and upstream switch addresses as well as domains, gateways and syslogs.


    "For twenty quid, I have got full switching details (and creds) for a switch that was in use (managed by Serco) two years ago to help keep planes in the air at Prestwick," Kemp explained. "Obviously this is a security fail, especially as the seller had 13 of the units that may well have come from the same estate."


    A screenshot from of the configuration screen of the kit bought by Kemp, with Serco branding clearly visible, can be found here.
    .

    Full Story here
     
porta2_tags:

Comments

    1. Boffy
      Boffy
      Interesting story and slightly concerning.

      But...could he have really of done much with the details he had? I've no knowledge of networking so how much can you tamper/alter with the information that goes through it?

    Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.